US Coast Guard expands requirement for cyber coverage

The US Coast Guard has updated its guidance to marine inspectors and port state control officers on assessing cyber risk management in commercial vessels, expanding the range of vessels that must comply.

All US-flagged vessels that require a vessel security plan (VSP) must now have cyber coverage from December 31, 2021. This includes: cargo vessels over 100 gross register tonnage (GRT); passenger vessels certified to carry more than 150 passengers and those above 100 GRT; all vessels subject to the International Convention for the Safety of Life at Sea (SOLAS); barges carrying certain dangerous goods; and mobile offshore drilling units.

Philip Ponsford, deputy chief cyber officer at Astaara, a specialist marine cyber insurer, said: “This instruction provides further evidence of the increasing importance being placed by the US on cyber as an element of seaworthiness. This standards and enforcement regime will only become stricter and less tolerant of failures to implement cyber safety guidance and regulations.”

Ponsford noted that the sanctions that will be applied for non-compliance are severe. “All marine casualty and incident investigations will now assess cyber as a contributing factor where the cause is not obvious,” he said. “Reporting of casualties will include escalation to the appropriate federal authorities to ensure a coordinated cross-government response to mitigate any threat to the wider maritime transportation system.”